cvedb.io
CVE-2021-3701
MEDIUM · CVSS 6.6
EPSS exploitation probability: 0%
Published 2022-08-23T16:15:09.500 · Last modified 2026-06-17T04:05:35.227

Summary

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.

Affected products

redhat — ansible_runner

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.